• About Us
  • Contact
  • DMCA
  • Home
  • Privacy Policy
  • Terms and Conditions
Tech Vigil
No Result
View All Result
No Result
View All Result
Tech Vigil
No Result
View All Result
Home Data Security

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Ronnie Daniels by Ronnie Daniels
August 28, 2023
in Data Security
0
Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

On December 28, 2018, Michigan followed the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law in the shape of Michigan H.B. 6491 (Act). By doing so, Michigan joins Ohio and South Carolina as the 0.33 country to undertake the Model Law and the fifth nation – in conjunction with Connecticut and New York – to have enacted cybersecurity guidelines targeted on coverage organizations. See CT Gen Stat § 38a-999b (2015); 23 NYCRR 500. (Please see our earlier coverage for extra statistics on Ohio and South Carolina’s adoption of the Model Law). Moreover, adoption of the Model Law continues to be gaining steam, with Rhode Island probably next in line.

Michigan’s Act, which adds chapter 5A to Michigan’s Insurance Code, seeks to set up “the different requirements applicable to licensees for information protection, the research of a cybersecurity occasion,” and sure regulatory notifications. MCL § 500.550. The Act defines licensees as people authorized, registered, or certified underneath Michigan insurance laws or required. MCL § 500.553(g). This means all insurers, groups, and brokers doing business in Michigan are included. By contrast, reinsurers domiciled outdoor of Michigan, in addition to danger retention corporations and buying agencies chartered and certified in every other kingdom, are excluded from the Act. Id.

Article Summary show
The Act requires licensees to:
Private Action Provisions
FOIA Protections
Exclusive State Cybersecurity Standards
Dedicated Customer Notice Provisions
Good Faith Acquisition Safe Harbor
Ten Day Reporting Requirement
Additional Safe Harbor for In-State Licensees

The Act requires licensees to:

Develop, put into effect, and hold a comprehensive information safety application that consists of administrative, technical, and bodily safeguards to shield nonpublic statistics and the licensee’s information device within one year of the powerful date of the Act; Perform a threat assessment that includes determining the appropriateness of enforcing protections such as multifactor authentication, ordinary penetration trying out, and encrypting information at relaxation; Develop a proper incident response plan to reply to a cybersecurity occasion as described;

Require third-party service companies to implement security measures to protect and cozy any facts systems and personal information by using January 20, 2023; Report data breaches to the Superintendent inside ten (10) commercial enterprise days after willpower that a cybersecurity event has come about; Certify compliance to the Insurance Department Director by way of filing a written declaration, and Retain for five years all records supporting the certificate of compliance for inspection by the Superintendent. While the Act largely tracks the Model Law, it departs from it in several substantial respects:

Private Action Provisions

The Act expressly forecloses the possibility that its adoption creates or implies a private reason of movement for violating its provisions. However, it no longer “curtail a private reason of action that could exist in any other case” below Michigan regulation. MCL § 500.550.

FOIA Protections

The Act specifies that any documents furnished to NAIC or other third-celebration representatives are not a problem to the kingdom’s freedom of statistics act, subpoena, or discovery in a non-public action. MCL § 500.664(6).

Exclusive State Cybersecurity Standards

Similar to Ohio’s regulation, the Act “establishes the specific standards, for this nation, relevant to licensees for information safety, the research of a cybersecurity occasion, and notification to the director.” Id. The Act provides additional protection for reinsurers, mentioning that they do not have country word responsibilities out of doors of those distinctive under the Act. MCL § 500.560(6). Of course, the Act does no longer supersede federal privateness or facts security legal guidelines, inclusive of HIPAA.

Dedicated Customer Notice Provisions

While the Model Act assumes that customer observes obligations can be equivalent to those required below the country’s preferred statistics breach notification regulation, the Act creates enterprise-specific necessities. MCL § 500.561. In specific, the Act requires observing a cybersecurity occasion to any kingdom resident unless there’s an inexpensive dedication that the event “has no longer or is not in all likelihood to motive sizeable loss or damage” or bring about identification robbery. Id. Such word should be provided “without unreasonable postpone.” MCL § 500.561(b)(four).

In addition to this primary requirement, the Act’s consumer word provisions also offer for the following: Written observe as well as the digital note, phone word or “substitute” notice (i.E. Website posting or word to statewide media) wherein particular conditions are met; Reasonable delay of notice where it’s far important for remediation efforts, or if the delay is asked via regulation enforcement or national security company; Notification to nationwide credit organizations where observe is required to more than 1,000 citizens, and It provides a safe harbor for licensees challenge to and who comply with the consumer observe requirements of HIPAA and guidelines promulgated thereunder.

Good Faith Acquisition Safe Harbor

The Act excludes from its definition of cybersecurity occasion the unauthorized access to records with the aid of a person performing in “exact religion” and in a manner “related to the sports of the character.” MCL § 500.553(c)(ii)(A-B). The Act, for that reason, makes a specialty of the one’s breaches due to 0.33 events maximum possibly to be concentrated on touchy records for nefarious purposes. Like the Model Law, the Act excludes any nonpublic information that becomes encrypted from the definition of a cybersecurity event. MCL § 500.553(c)(i).

Ten Day Reporting Requirement

Association

In a circulate that is extra generous than the seventy-two-hour requirement of the Model Law and the three business days requirement of Ohio’s law, the Act requires a licensee to file a cybersecurity incident to the Department inside “ten commercial enterprise days” after a dedication that one has passed off. MCL § 500.559(1).

Additional Safe Harbor for In-State Licensees

Compared to the Model Act, the Act affords an extra safe harbor for Michigan-primarily based licensees, requiring a document most effective. The cybersecurity occasion has an affordable probability of materially harming a customer or the licensee’s operations. MCL § 500.559(a)(iii). The Model Act affords this safe harbor handiest for out-of-state licensees.

Previous Post

A New Year and a New Approach to State Data Breach Legislation

Next Post

Health Data Security: The Most Promising Technologies

Next Post
Health Data Security: The Most Promising Technologies

Health Data Security: The Most Promising Technologies

No Result
View All Result

Today Trending

Michigan town is banning all cellular telephone use at the same time as riding
Cell Phone

Michigan town is banning all cellular telephone use at the same time as riding

by Ronnie Daniels
August 26, 2023
Travel, gas, computer systems among purchases made through Florida school districts with mental fitness dollars
Computers

Travel, gas, computer systems among purchases made through Florida school districts with mental fitness dollars

by Ronnie Daniels
September 9, 2023
Playing Pictionary towards computers should assist AI learn common sense
Computers

Playing Pictionary towards computers should assist AI learn common sense

by Ronnie Daniels
June 20, 2023
Here Are The Top 6 Gaming Laptops In India One Should Look Out For
Laptops

Here Are The Top 6 Gaming Laptops In India One Should Look Out For

by Ronnie Daniels
September 22, 2023
Made in India laptops for the sector: Kerala-primarily based Coconics will offer less expensive laptops
Laptops

Made in India laptops for the sector: Kerala-primarily based Coconics will offer less expensive laptops

by Ronnie Daniels
September 13, 2023

Popular Post

  • Marketing

    Join Affiliate Marketing & Get Paid for Your Marketing Skills

    0 shares
    Share 0 Tweet 0
  • The 6 belongings you should keep in mind while deciding on the tech stack to your startup

    0 shares
    Share 0 Tweet 0
  • E-commerce portal Hopscotch offers to shop for stocks from employees

    0 shares
    Share 0 Tweet 0
  • Huawei Recognized as Gartner Peer Insights Customers’ Choice for Data Center Networking

    0 shares
    Share 0 Tweet 0
  • 91% of Brands are Moving Toward In-House Digital Marketing [STUDY]

    0 shares
    Share 0 Tweet 0

About Us

TechVigil is the best website where You can get daily update on internet stuff just like digital Marketing, mobile and tech also many more so subscribe our newsletter to never miss any update from us.

Contact Us: admin@techvigil.org

Editior’s Picks

  • TOI Gadgets Now Awards; Samsung Galaxy M10 and M20 release; RComm files for financial disaster and different top tech information of the week
  • Here Are The Top 6 Gaming Laptops In India One Should Look Out For
  • The Biggest Myth About Best Laptops in 2019 Exposed

Newsletter

  • About Us
  • Contact
  • DMCA
  • Home
  • Privacy Policy
  • Terms and Conditions

© 2023 JNews - Premium WordPress news & magazine theme by Jegtheme.

No Result
View All Result
  • About Us
  • Contact
  • DMCA
  • Home
  • Privacy Policy
  • Terms and Conditions

© 2023 JNews - Premium WordPress news & magazine theme by Jegtheme.